Cybercash on Vacation

Back in 1996, a small handful of cryptographers, bankers, and blue-sky thinkers were debating, on Internet mailing lists, the future of money, when one of them came up with a brilliant idea. If they formed an organization, booked a Caribbean hotel in the dead of winter, and put a few papers through the peer review process, they could get their bosses to pay them to hang out in person. They could sit in the sun and dream about what it would take to move cash, settle debts, sell things, sign contracts, and extend credit in the virtual world.

Bob Hettinga, an organizer of the resulting Financial Cryptography Conference, sounds a bit maudlin when he looks back at that first meeting, which took place in February 1997 on the island of Anguilla: “It was like all the net-dot-gods descended on Anguilla. Geeks, financial, cryptographic, and otherwise. Cypherpunks. Bankpunks, pseudonymous individuals, guys who would go on to become senior administration officials, and even people who were paying the $1,000 conference fee in cash because their corporate-sponsored lawyers told them to stay out of the papers after various previous escapades.”

This year’s conference, taking place in February and March in the Commonwealth of Dominica, doesn’t have the same luster. The program is jammed with papers about “privacy-preserving protocols” and “probabilistic escrow” but contains little from the nonacademic world. The people who work at actual financial institutions just aren’t as interested in financial cryptography as they were in 1997.

It wasn’t supposed to be this way. In 1997, the bankers, lawyers, and accountants were fascinated by what the digital magicians could do with a few equations. Even though it’s easy to make perfect copies of digital files, for instance, mathematicians found a way to produce a digital $50 bill that would stymie counterfeiters. They didn’t stop there. They imagined transactions that avoided the overhead of a central clearing house, digital currency that paid interest, and even complicated digital rights management tools that locked up music, art, and writing with the same equations used to protect money. Some talked about minting just 500 digital baseball cards for each player and letting the values rise and fall with batting averages. In short, they imagined a world where wealth was not frozen in gold and locked in vaults, but rather held in digital mechanisms that could adapt to whatever people wanted. Some mechanisms could even be as anonymous as paper cash, and transactions wouldn’t require much more than the click of a mouse.

But while the mathematics is still fascinating, the emergence of any system based on it is receding into the nebulous future. Today, credit card companies dominate the Web with a system that, at its heart, is little different from the one that employed carbon-paper chits. One of the few companies to find some success in financial cryptography, PayPal, gets most of its revenue from eBay auctions, where it serves, in essence, as a well-designed front end for the credit card system.

Adam Shostack, another of the original organizers, thinks that the reason for the failure of financial cryptography is simple. “People are conservative in how they pay for things,” he says. Indeed, the problem for financial cryptography’s would-be pioneers is that the old credit card system seems to be good enough for the new online world. If Amazon, Wal-Mart, and other e-commerce sites can keep customers happy with plastic cards, there’s little demand for any of the more exciting ideas.

Joseph Nocera, author of A Piece of the Action, a history of the credit card industry, says digital currency is facing “a chicken-and-egg question” but points out that credit cards encountered the same problem, and that their acceptance took decades. In fact, 2003 was the first year credit cards and other electronic systems carried more payments than bank checks.

As they come to appreciate just how long the road ahead will likely be, some financial cryptographers are searching for niches where they can flourish in the short term. Take, for example, Waltham, MA-based startup Peppercoin, the brainchild of MIT computer scientists Sylvio Micali and Ron Rivest. Peppercoin is attempting to specialize in very small sums (see “The Web’s New Currency,” December 2003).One of its bigger initiatives is developing a cryptographic system that would enable people to use their credit cards at parking meters, an application that would be prohibitively expensive for the traditional credit card network, which has a minimum transaction fee of about a quarter. If Peppercoin’s technology can cut transaction costs enough, it can capture this market and also make it possible for people to spend small amounts online.

The inability to handle small change isn’t the only weakness of the credit card system that calls out for cryptographic innovation. Fraud and identity theft cost society billions of dollars every year. Paul Syverson, a researcher at the U.S. Naval Research Laboratory, believes this leaves the door open for some of the new equations from this year’s Financial Cryptography Conference. The privacy-protecting mechanisms imagined by some mathematicians also have the advantage of not relying on identity verification to guarantee transactions. If the flow of money is anonymous, there’s no identity to be stolen.

Ultimately, Nocera believes, the high costs and fraud rate in the credit card industry could give new life to the dreams of the original Financial Cryptography Conference. “I actually happen to believe fairly strongly that if someone could ever figure out how to get critical mass for a form of cybercash that is not backed by a credit card,” he says, “it would be a transformative event for the Web.”